Ransomware Nearly a fifth of victims who pay off extortionists fail to get their data back

Many consumer victims of ransomware scams fail to get access to their data even after they pay off extortionists, according to a survey by Kaspersky.

The poll found that close to half (46%) of UK ransomware victims paid the ransom to restore access to their data last year, yet an unfortunate 11% of victims who shelled out did not have their stolen data returned.

Whether they paid or not, only 18% of 1,006 UK victims surveyed were able to restore all their encrypted or blocked files following an attack.

Internationally the picture is still worse with more than half (56%) paying off extortionists and nearly one in five of whom (17%) failing to get their data back even after paying out.

In a multi-national poll (PDF) of 15,000 consumers commissioned by Kaspersky, only 29% of users who experienced ransomware attacks were able to restore all their encrypted or blocked files after an attack.

Half lost at least some files, 32% lost a significant amount, and 18% lost a small number of files. Meanwhile, 13% who did experience such an incident lost almost all their data.

Get the latest ransomware news and analysis

Marina Titova, head of consumer product marketing at Kaspersky, commented that “handing over money doesn’t guarantee the return of data, and only encourages cybercriminals to continue the practice”.

Kaspersky advises users to regularly back up their data and use security software in order to safeguard against potential ransomware infestation.

Consumers are advised to avoid clicking links in spam emails or visiting unfamiliar websites. Caution in opening email attachments from senders you do not trust, or in using USB discs of uncertain origin, is also advised.


Ransomware is a form of malware that either encrypts data or (less commonly) locks users out of their devices. Victims are told they need to pay in order to get access to encryption keys that will supposedly unlock their compromised data.

Payments are typically made in digital currency – most commonly bitcoin – with prices that escalate in time in order to further coerce unfortunate marks into paying up.

A recent study by cyber intelligence firm Group-IB separately estimated that the number of ransomware attacks grew by more than 150% in 2020.

Ransomware attacks not only grew in number, but also in scale and sophistication – the average ransom demand increased by more than twofold and amounted to $170,000 in 2020.

Kaspersky’s survey was released on the eve of World Backup Day (March 31).

The cybersecurity firm was unable to say whether or not the experience of consumers is mirrored by that of business ransomware victims, since the survey focused specifically on consumers.

But it added that it's clear that a significant number of businesses that fall victim to ransomware attacks do also pay the ransom.

“Ransom payments fuel the further development of ransomware attacks,” a representative of Kaspersky told The Daily Swig. “This why some (including former head of the UK's National Cyber Security Centre, Ciaran Martin) have publicly called for ransom payments to be made illegal – to deprive ransomware gangs of the funding they use to develop their business further.

“Moreover, there have certainly been cases reported where criminals have failed to restore the data of businesses that have paid a ransom,” the representative added.


By John Leyden, 30 March 2021